Free Issue of Exploit Magazine Released!

Check out the new Exploit Magazine! The first issue of the Exploit Magazine has just been published. It is totally devoted to Metasploit Framework.

  • Metasploit Framework – Demystified: Introduction to Metasploit Framework
  • Metasploit Exploitation Samples

You can download the magazine for free after registering as a free user. I hope that you will enjoy the content. Register now and enjoy future free issues of the Exploit Magazine:

http://theexploitmag.com/category/magazine

Exploit Magazine is looking for authors!

Are you a computer security expert or researcher that knows a thing or two about exploits and exploit defense? Share you knowledge with the community!

Contact me at cyberarms(at)live.com for more information.

Advertisements

Calling all Security Writers!

Are you a security expert, network/web admin, teacher or student who knows a thing or two about security and wants to share your knowledge? Working on a security project and want an excellent platform to get the news out? Love the latest security topics and want to write about them?

Now is your chance!

CyberArms is working with the hyper popular international security magazine “Hakin9” to create a new magazine called “ExploitMag”! This cutting edge security magazine will focus on:

  • Metasploit Framework Console Exploits
  • LAN Security for PMI
  • Security flaws on WSDL, SOAP
  • and DoS Attacks

We are looking for volunteer authors who want to help create the first 4 free promotional issues. For consideration, articles should be about 3500 words in length and have at least 3 pictures.

Please e-mail me as soon as possible at cyberarms (at) live.com if you are interested in this ground breaking opportunity.

Hakin9 Exploiting Software April Issue is Out!

The April issue of Hakin9 Mobile Security is out. This month’s magazine features the article “Cisco IOS Rootkits and Malware: A practical guide” by Jason Nehrboss:

Propagating the worm code into a new router can either be quite easy, difficult, or impossible. There are many variations of supported IOS code and hardware platforms. The author discusses the use of and demonstrates an IOS Embedded Event Manager rootkit and worm. When a router is infected it can be leveraged into a powerful malware platform. Capabilities demonstrated are network packet captures, reverse shell connections, a spam module, and a mini malware httpd server leveraged with ip address hijacking. In this article you will learn how to exploit critical network devices, network traffic traversing these devices and act as a launch point for further attacks into a network You will also learn about a self replicating IOS worm with stealth features and self defense mechanisms, all with platform independent code.

Also in this issue Craig Wright continues his excellent series on exploit creation. This month’s article is entitled, “Taking control, Functions to DLL injection“:

DLL injection is one of the most common methods used by malware such as a rootkit to load it into the host’s privileged processes. Once injected, code can be inserted into functions being transmitted between the compromised code and a library function. This step is frequently followed with API hooking where the malicious code is used to vary the library function calls and returns. This article is part of a monthly series designed to take the reader from a novice to being able to create and deploy their own shellcode and exploits. With this knowledge, you will learn just how easy it is for sophisticated attackers to create code that can bypass many security tools. More, armed with this knowledge you will have the ability to reverse engineer attack code and even malware allowing you to determine what the attacker was intending to launch against your system.

Other articles include:

  • Deceiving Networks Defenses with Nmap Camouflaged Scanning By Roberto Saia
  • Exploiting Software By Swetha Dabbara
  • Cross Site Request Forgery – Session Riding By Miroslav Ludvik and Michal Srnec
  • Data Logging with Syslog: A troubleshooting and auditing mechanism By Abdy Martinez
  • Social Engineering – New Era of Corporate Espionage By Amar Suhas

Check it out!

How to find Program Vulnerabilities and Create an Exploit

Some of the top-tier training available for computer security is through SANS. So when David Hoelzer, Senor Fellow of SANS institute and Secure Coding instructor, decides to release a video on finding and exploiting vulnerabilities, it has to be good.

The material covered includes:

  • How exploits work
  • How to find flaws in applications (Fuzzing)
  • How to create an exploit
  • How to move the exploit into Metasploit

The video above is part one of the four part series. A link to the tutorial on the SANS site can be found here:
Creating Metasploit Exploit Modules Step By Step (Tutorial!)

If you are a coder, it is important to write secure code, and this tutorial shows how hackers would attack software. If you are into coding, fuzzing, penetration testing or just want to know how exploits work, check this out!